Compare commits
9 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
|
9540cb158c | ||
|
|
1984aced9d | ||
|
|
ca2949da71 | ||
|
|
eb8449fd79 | ||
|
|
547140bafb | ||
|
d245bca445 | ||
|
|
5f899a5510 | ||
|
|
432645431c | ||
|
|
7e4164da26 |
@@ -179,6 +179,17 @@ return array(
|
||||
'nginx'
|
||||
)
|
||||
),
|
||||
'system_nginx_http2_support' => array(
|
||||
'label' => $lng['serversettings']['nginx_http2_support'],
|
||||
'settinggroup' => 'system',
|
||||
'varname' => 'nginx_http2_support',
|
||||
'type' => 'bool',
|
||||
'default' => false,
|
||||
'save_method' => 'storeSettingField',
|
||||
'websrv_avail' => array(
|
||||
'nginx'
|
||||
)
|
||||
),
|
||||
'system_nginx_php_backend' => array(
|
||||
'label' => $lng['serversettings']['nginx_php_backend'],
|
||||
'settinggroup' => 'system',
|
||||
|
||||
@@ -496,6 +496,7 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
|
||||
('system', 'ssl_cert_chainfile', ''),
|
||||
('system', 'ssl_cipher_list', 'ECDH+AESGCM:ECDH+AES256:!aNULL:!MD5:!DSS:!DH:!AES128'),
|
||||
('system', 'nginx_php_backend', '127.0.0.1:8888'),
|
||||
('system', 'nginx_http2_support', '0'),
|
||||
('system', 'perl_server', 'unix:/var/run/nginx/cgiwrap-dispatch.sock'),
|
||||
('system', 'phpreload_command', ''),
|
||||
('system', 'apache24', '0'),
|
||||
@@ -576,8 +577,8 @@ INSERT INTO `panel_settings` (`settinggroup`, `varname`, `value`) VALUES
|
||||
('panel', 'password_special_char_required', '0'),
|
||||
('panel', 'password_special_char', '!?<>§$%+#=@'),
|
||||
('panel', 'customer_hide_options', ''),
|
||||
('panel', 'version', '0.9.38-rc2'),
|
||||
('panel', 'db_version', '201610070');
|
||||
('panel', 'version', '0.9.38.1'),
|
||||
('panel', 'db_version', '201611180');
|
||||
|
||||
|
||||
DROP TABLE IF EXISTS `panel_tasks`;
|
||||
|
||||
@@ -3513,3 +3513,24 @@ if (isFroxlorVersion('0.9.38-rc1')) {
|
||||
showUpdateStep("Updating from 0.9.38-rc1 to 0.9.38-rc2", false);
|
||||
updateToVersion('0.9.38-rc2');
|
||||
}
|
||||
|
||||
if (isFroxlorVersion('0.9.38-rc2')) {
|
||||
|
||||
showUpdateStep("Updating from 0.9.38-rc2 to 0.9.38 final", false);
|
||||
updateToVersion('0.9.38');
|
||||
}
|
||||
|
||||
if (isDatabaseVersion('201610070')) {
|
||||
|
||||
showUpdateStep("Add Nginx http2 setting");
|
||||
Settings::AddNew("system.nginx_http2_support", 0);
|
||||
lastStepStatus(0);
|
||||
|
||||
updateToDbVersion('201611180');
|
||||
}
|
||||
|
||||
if (isFroxlorVersion('0.9.38')) {
|
||||
|
||||
showUpdateStep("Updating from 0.9.38 to 0.9.38.1", false);
|
||||
updateToVersion('0.9.38.1');
|
||||
}
|
||||
|
||||
@@ -135,15 +135,6 @@ class phpinterface_fcgid {
|
||||
$openbasedir .= appendOpenBasedirPath($this->getTempDir());
|
||||
$openbasedir .= $_phpappendopenbasedir;
|
||||
|
||||
$openbasedir = explode(':', $openbasedir);
|
||||
$clean_openbasedir = array();
|
||||
foreach ($openbasedir as $number => $path) {
|
||||
if (trim($path) != '/') {
|
||||
$clean_openbasedir[] = makeCorrectDir($path);
|
||||
}
|
||||
}
|
||||
$openbasedir = implode(':', $clean_openbasedir);
|
||||
|
||||
} else {
|
||||
$openbasedir = 'none';
|
||||
$openbasedirc = ';';
|
||||
|
||||
@@ -267,15 +267,6 @@ class phpinterface_fpm {
|
||||
|
||||
$openbasedir .= appendOpenBasedirPath($this->getTempDir());
|
||||
$openbasedir .= $_phpappendopenbasedir;
|
||||
|
||||
$openbasedir = explode(':', $openbasedir);
|
||||
$clean_openbasedir = array();
|
||||
foreach ($openbasedir as $number => $path) {
|
||||
if (trim($path) != '/') {
|
||||
$clean_openbasedir[] = makeCorrectDir($path);
|
||||
}
|
||||
}
|
||||
$openbasedir = implode(':', $clean_openbasedir);
|
||||
}
|
||||
}
|
||||
$fpm_config.= 'php_admin_value[session.save_path] = ' . makeCorrectDir(Settings::Get('phpfpm.tmpdir') . '/' . $this->_domain['loginname'] . '/') . "\n";
|
||||
|
||||
@@ -175,7 +175,7 @@ return array(
|
||||
'int_max' => 94608000, // 3-years
|
||||
'value' => 0
|
||||
),
|
||||
'hsts_incsub' => array(
|
||||
'hsts_sub' => array(
|
||||
'visible' => ($ssl_ipsandports != '' ? true : false),
|
||||
'label' => $lng['admin']['domain_hsts_incsub']['title'],
|
||||
'desc' => $lng['admin']['domain_hsts_incsub']['description'],
|
||||
|
||||
@@ -198,7 +198,7 @@ return array(
|
||||
'int_max' => 94608000, // 3-years
|
||||
'value' => $result['hsts']
|
||||
),
|
||||
'hsts_incsub' => array(
|
||||
'hsts_sub' => array(
|
||||
'visible' => ($ssl_ipsandports != '' ? true : false),
|
||||
'label' => $lng['admin']['domain_hsts_incsub']['title'],
|
||||
'desc' => $lng['admin']['domain_hsts_incsub']['description'],
|
||||
|
||||
@@ -122,7 +122,7 @@ function validateFormFieldString($fieldname, $fielddata, $newfieldvalue)
|
||||
$newfieldvalue = '';
|
||||
$returnvalue = 'stringmustntbeempty';
|
||||
} else {
|
||||
$newfieldvalue = validate_ip2($newfieldvalue, true, true, true);
|
||||
$newfieldvalue = validate_ip2($newfieldvalue, true, 'invalidip', true, true, true);
|
||||
$returnvalue = ($newfieldvalue !== false ? true : 'invalidip');
|
||||
}
|
||||
}
|
||||
|
||||
@@ -21,40 +21,43 @@
|
||||
* to a line for a open_basedir directive
|
||||
*
|
||||
* @param string $path
|
||||
* the path to check and append
|
||||
* the path to check and append
|
||||
* @param boolean $first
|
||||
* if true, no ':' will be prefixed to the path
|
||||
*
|
||||
* if true, no ':' will be prefixed to the path
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
function appendOpenBasedirPath($path = '', $first = false)
|
||||
{
|
||||
if ($path != '' && $path != '/'
|
||||
&& (! preg_match("#^/dev#i", $path) || preg_match("#^/dev/urandom#i", $path))
|
||||
&& ! preg_match("#^/proc#i", $path)
|
||||
&& ! preg_match("#^/etc#i", $path)
|
||||
&& ! preg_match("#^/sys#i", $path)
|
||||
&& ! preg_match("#:#", $path)
|
||||
) {
|
||||
|
||||
$path = makeCorrectDir($path);
|
||||
|
||||
// check for php-version that requires the trailing
|
||||
// slash to be removed as it does not allow the usage
|
||||
// of the subfolders within the given folder, fixes #797
|
||||
if ((PHP_MINOR_VERSION == 2 && PHP_VERSION_ID >= 50216) || PHP_VERSION_ID >= 50304) {
|
||||
// check trailing slash
|
||||
if (substr($path, - 1, 1) == '/') {
|
||||
// remove it
|
||||
$path = substr($path, 0, - 1);
|
||||
}
|
||||
}
|
||||
|
||||
if ($first) {
|
||||
return $path;
|
||||
}
|
||||
|
||||
return ':' . $path;
|
||||
}
|
||||
return '';
|
||||
if ($path != '' && $path != '/' &&
|
||||
(! preg_match("#^/dev#i", $path) || preg_match("#^/dev/urandom#i", $path))
|
||||
&& ! preg_match("#^/proc#i", $path)
|
||||
&& ! preg_match("#^/etc#i", $path)
|
||||
&& ! preg_match("#^/sys#i", $path)
|
||||
&& ! preg_match("#:#", $path)) {
|
||||
|
||||
if (preg_match("#^/dev/urandom#i", $path)) {
|
||||
$path = makeCorrectFile($path);
|
||||
} else {
|
||||
$path = makeCorrectDir($path);
|
||||
}
|
||||
|
||||
// check for php-version that requires the trailing
|
||||
// slash to be removed as it does not allow the usage
|
||||
// of the subfolders within the given folder, fixes #797
|
||||
if ((PHP_MINOR_VERSION == 2 && PHP_VERSION_ID >= 50216) || PHP_VERSION_ID >= 50304) {
|
||||
// check trailing slash
|
||||
if (substr($path, - 1, 1) == '/') {
|
||||
// remove it
|
||||
$path = substr($path, 0, - 1);
|
||||
}
|
||||
}
|
||||
|
||||
if ($first) {
|
||||
return $path;
|
||||
}
|
||||
|
||||
return ':' . $path;
|
||||
}
|
||||
return '';
|
||||
}
|
||||
|
||||
@@ -49,23 +49,43 @@ function validate_ip($ip, $return_bool = false, $lng = 'invalidip') {
|
||||
* @param string $lng index for error-message (if $return_bool is false)
|
||||
* @param bool $allow_localhost whether to allow 127.0.0.1
|
||||
* @param bool $allow_priv whether to allow private network addresses
|
||||
* @param bool $allow_cidr whether to allow CIDR values e.g. 10.10.10.10/16
|
||||
*
|
||||
* @return string|bool ip address on success, false on failure
|
||||
*/
|
||||
function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false) {
|
||||
function validate_ip2($ip, $return_bool = false, $lng = 'invalidip', $allow_localhost = false, $allow_priv = false, $allow_cidr = false) {
|
||||
|
||||
$filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);
|
||||
$cidr = "";
|
||||
if ($allow_cidr) {
|
||||
$org_ip = $ip;
|
||||
$ip_cidr = explode("/", $ip);
|
||||
if (count($ip_cidr) == 2) {
|
||||
$ip = $ip_cidr[0];
|
||||
$cidr = "/".$ip_cidr[1];
|
||||
} else {
|
||||
$ip = $org_ip;
|
||||
}
|
||||
} elseif (strpos($ip, "/") !== false) {
|
||||
if ($return_bool) {
|
||||
return false;
|
||||
} else {
|
||||
standard_error($lng, $ip);
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
$filter_lan = $allow_priv ? FILTER_FLAG_NO_RES_RANGE : (FILTER_FLAG_NO_RES_RANGE | FILTER_FLAG_NO_PRIV_RANGE);
|
||||
|
||||
if ((filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)
|
||||
|| filter_var($ip, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4))
|
||||
&& filter_var($ip, FILTER_VALIDATE_IP, $filter_lan)
|
||||
) {
|
||||
return $ip;
|
||||
return $ip.$cidr;
|
||||
}
|
||||
|
||||
// special case where localhost ip is allowed (mysql-access-hosts for example)
|
||||
if ($allow_localhost && $ip == '127.0.0.1') {
|
||||
return $ip;
|
||||
return $ip.$cidr;
|
||||
}
|
||||
|
||||
if ($return_bool) {
|
||||
|
||||
@@ -16,10 +16,10 @@
|
||||
*/
|
||||
|
||||
// Main version variable
|
||||
$version = '0.9.38-rc2';
|
||||
$version = '0.9.38.1';
|
||||
|
||||
// Database version (YYYYMMDDC where C is a daily counter)
|
||||
$dbversion = '201610070';
|
||||
$dbversion = '201611180';
|
||||
|
||||
// Distribution branding-tag (used for Debian etc.)
|
||||
$branding = '';
|
||||
|
||||
@@ -2062,3 +2062,6 @@ $lng['admin']['domain_hsts_incsub']['title'] = 'Include HSTS for any subdomain';
|
||||
$lng['admin']['domain_hsts_incsub']['description'] = 'The optional "includeSubDomains" directive, if present, signals the UA that the HSTS Policy applies to this HSTS Host as well as any subdomains of the host\'s domain name.';
|
||||
$lng['admin']['domain_hsts_preload']['title'] = 'Include domain in <a href="https://hstspreload.appspot.com/" target="_blank">HSTS preload list</a>';
|
||||
$lng['admin']['domain_hsts_preload']['description'] = 'If you would like this domain to be included in the HSTS preload list maintained by Chrome (and used by Firefox and Safari), then use activate this.<br>Sending the preload directive from your site can have PERMANENT CONSEQUENCES and prevent users from accessing your site and any of its subdomains.<br>Please read the details at <a href="hstspreload.appspot.com/#removal" target="_blank">hstspreload.appspot.com/#removal</a> before sending the header with "preload".';
|
||||
|
||||
$lng['serversettings']['nginx_http2_support']['title'] = 'Nginx HTTP2 Support';
|
||||
$lng['serversettings']['nginx_http2_support']['description'] = 'enable http2 support for ssl. ENABLE ONLY IF YOUR Nginx SUPPORT THIS FEATURE. (version 1.9.5+)';
|
||||
|
||||
@@ -129,9 +129,7 @@ class bind extends DnsBase
|
||||
// AXFR server #100
|
||||
if (count($this->_axfr) > 0) {
|
||||
foreach ($this->_axfr as $axfrserver) {
|
||||
if (validate_ip($axfrserver, true) !== false) {
|
||||
$bindconf_file .= ' ' . $axfrserver . ';' . "\n";
|
||||
}
|
||||
$bindconf_file .= ' ' . $axfrserver . ';' . "\n";
|
||||
}
|
||||
}
|
||||
// close allow-transfer
|
||||
|
||||
@@ -194,10 +194,8 @@ class pdns extends DnsBase
|
||||
// AXFR server #100
|
||||
if (count($this->_axfr) > 0) {
|
||||
foreach ($this->_axfr as $axfrserver) {
|
||||
if (validate_ip($axfrserver, true) !== false) {
|
||||
$ins_data['value'] = $axfrserver;
|
||||
$ins_stmt->execute($ins_data);
|
||||
}
|
||||
$ins_data['value'] = $axfrserver;
|
||||
$ins_stmt->execute($ins_data);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -196,10 +196,12 @@ class nginx extends HttpConfigBase
|
||||
}
|
||||
}
|
||||
|
||||
$http2 = $ssl_vhost == true && Settings::Get('system.nginx_http2_support') == '1';
|
||||
|
||||
/**
|
||||
* this HAS to be set for the default host in nginx or else no vhost will work
|
||||
*/
|
||||
$this->nginx_data[$vhost_filename] .= "\t" . 'listen ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n";
|
||||
$this->nginx_data[$vhost_filename] .= "\t" . 'listen ' . $ip . ':' . $port . ' default_server' . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
|
||||
|
||||
$this->nginx_data[$vhost_filename] .= "\t" . '# Froxlor default vhost' . "\n";
|
||||
$this->nginx_data[$vhost_filename] .= "\t" . 'server_name ' . Settings::Get('system.hostname') . ';' . "\n";
|
||||
@@ -411,7 +413,9 @@ class nginx extends HttpConfigBase
|
||||
$_vhost_content .= $this->processSpecialConfigTemplate($ipandport['default_vhostconf_domain'], $domain, $domain['ip'], $domain['port'], $ssl_vhost) . "\n";
|
||||
}
|
||||
|
||||
$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ';' . "\n";
|
||||
$http2 = $ssl_vhost == true && Settings::Get('system.nginx_http2_support') == '1';
|
||||
|
||||
$vhost_content .= "\t" . 'listen ' . $ipport . ($ssl_vhost == true ? ' ssl' : '') . ($http2 == true ? ' http2' : '') . ';' . "\n";
|
||||
}
|
||||
|
||||
// get all server-names
|
||||
|
||||
Reference in New Issue
Block a user